1. Field of the Invention
The present invention relates generally to cryptographic systems, and more particularly, to securing keys in a cryptographic system.
2. Description of Related Art
The increasing accessibility of public networks, such as the Internet, allows a wide variety of data to be quickly and cost-effectively accessed from virtually anywhere. The Internet, for example, allows users to access databases such as web page servers from any computer connected to the Internet.
A challenge associated with accessing data at remote databases over insecure networks is user authentication. That is, before sending data, which may be personal or confidential, the data provider would like to verify that the recipient is who he claims to be.
Traditional authentication is performed using a user name (login name) and a user password. When challenged by the remote data service, the user enters his login name and password. If the entered information matches the login name and password pre-stored at the service, the user is considered to be authentic and is allowed access.
One disadvantage of the above authentication technique is that the user's password is stored on the authenticating computer. Accordingly, if the authenticating computer is compromised, the user's password may be stolen and subsequently used to authenticate unauthorized parties. Even if the authenticating computer is hardened against external attacks, the user's password is still vulnerable to attacks originating from inside. Moreover, even if the authentication is done by first hashing the password, an insider can still determine the password through a brute-force search of the password space until he finds one that hashes to the stored value. This search will be feasible if the user chooses a weak password, as users commonly do.
Another aspect of cryptography related to authentication is the secure storage of cryptographic keys. In public key cryptography, a cryptographic algorithm is used with two numerical codes called keys, one of which is referred to as the public key and the other the private key. To encrypt information, a user inputs a public key to the cryptographic algorithm along with the information to be encrypted. The resultant information, encrypted with the public key, can only be decrypted with the corresponding private key. For example, if a first user encrypts a message with the public key, only the holder of the private key can recover the original message. Even the first user, absent the private key, cannot decrypt the message.
Parties wishing to securely communicate with one another over an insecure network using a public key cryptographic system begin by exchanging their public keys. The sending party then encrypts its information using the second party's public key. The second party decrypts the received information using its private key. Similarly, when digitally signing a document using a public key cryptographic system, the signing party signs the document using its private key. Correctly decrypting the signature with the signing party's public key verifies the identity of the signing party.
For a public key cryptographic system to be reliable, the communicating parties must keep their respective private keys secure. A user's private key is typically stored at the user's computer. Alternatively, the user's private key may be stored at a remote key server. In either situation, the user's private key may be compromised if the computer(s) storing the private key are compromised, either by an external attack or by internal duplicity.
Often users want to use their private key from some computer other than the computer they used to create the private key. One way to do this is to store the key, encrypted under the user's password, at a remote key server. However, if the user chooses a weak password and the key server is compromised, then the user's private key can be determined.
Thus, there is a need in the art to improve the security of stored passwords and/or keys.